X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/6e2b4ccc44cc0e84337b9b74479c347985edab1c..8e669ac162fe3b1040297f1d021de10778dce9d9:/src/src/malware.c

diff --git a/src/src/malware.c b/src/src/malware.c
index 9e32ed59f..1cc6aea5c 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/malware.c,v 1.6 2005/01/13 10:09:36 ph10 Exp $ */
+/* $Cambridge: exim/src/src/malware.c,v 1.7 2005/02/17 11:58:26 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -29,7 +29,7 @@ int mksd_scan_packed(int sock);
 #define DERR_TIMEOUT                (1<<9)   /* scan timeout has run out */
 #define DERR_BAD_CALL               (1<<15)  /* wrong command */
 
-/* Routine to check whether a system is big- or litte-endian. 
+/* Routine to check whether a system is big- or litte-endian.
    Ripped from http://www.faqs.org/faqs/graphics/fileformats-faq/part4/section-7.html
    Needed for proper kavdaemon implementation. Sigh. */
 #define BIG_MY_ENDIAN      0
@@ -58,34 +58,34 @@ int malware(uschar **listptr) {
   int roffset;
   const pcre *re;
   const uschar *rerror;
-  
+
   /* make sure the eml mbox file is spooled up */
   mbox_file = spool_mbox(&mbox_size);
   if (mbox_file == NULL) {
     /* error while spooling */
     log_write(0, LOG_MAIN|LOG_PANIC,
            "malware acl condition: error while creating mbox spool file");
-    return DEFER;  
+    return DEFER;
   };
   /* none of our current scanners need the mbox
      file as a stream, so we can close it right away */
   fclose(mbox_file);
-  
+
   /* extract the malware regex to match against from the option list */
   if ((malware_regex = string_nextinlist(&list, &sep,
                                          malware_regex_buffer,
                                          sizeof(malware_regex_buffer))) != NULL) {
-    
+
     /* parse 1st option */
-    if ( (strcmpic(malware_regex,US"false") == 0) || 
+    if ( (strcmpic(malware_regex,US"false") == 0) ||
          (Ustrcmp(malware_regex,"0") == 0) ) {
       /* explicitly no matching */
       return FAIL;
     };
-    
+
     /* special cases (match anything except empty) */
-    if ( (strcmpic(malware_regex,US"true") == 0) || 
-         (Ustrcmp(malware_regex,"*") == 0) || 
+    if ( (strcmpic(malware_regex,US"true") == 0) ||
+         (Ustrcmp(malware_regex,"*") == 0) ||
          (Ustrcmp(malware_regex,"1") == 0) ) {
       malware_regex = malware_regex_default;
     };
@@ -134,7 +134,7 @@ int malware(uschar **listptr) {
              "malware acl condition: av_scanner configuration variable is empty");
       return DEFER;
     };
-    
+
 	/* "drweb" scanner type ----------------------------------------------- */
 	/* v0.1 - added support for tcp sockets					*/
 	/* v0.0 - initial release -- support for unix sockets			*/
@@ -155,31 +155,31 @@ int malware(uschar **listptr) {
 		struct hostent *he;
 		struct in_addr in;
 		pcre *drweb_re;
-      
+
 		if ((drweb_options = string_nextinlist(&av_scanner_work, &sep,
 			drweb_options_buffer, sizeof(drweb_options_buffer))) == NULL) {
 			/* no options supplied, use default options */
 			drweb_options = drweb_options_default;
 		};
-  
+
 		if (*drweb_options != '/') {
-      
+
 			/* extract host and port part */
 			if( sscanf(CS drweb_options, "%s %u", hostname, &port) != 2 ) {
 				log_write(0, LOG_MAIN|LOG_PANIC,
 					"malware acl condition: drweb: invalid socket '%s'", drweb_options);
 				return DEFER;
 			}
-      
+
 			/* Lookup the host */
 			if((he = gethostbyname(CS hostname)) == 0) {
 				log_write(0, LOG_MAIN|LOG_PANIC,
 					"malware acl condition: drweb: failed to lookup host '%s'", hostname);
 				return DEFER;
 			}
-      
+
 			in = *(struct in_addr *) he->h_addr_list[0];
-      
+
 			/* Open the drwebd TCP socket */
 			if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
 				log_write(0, LOG_MAIN|LOG_PANIC,
@@ -187,64 +187,64 @@ int malware(uschar **listptr) {
 					strerror(errno));
 				return DEFER;
 			}
-      
+
 			if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
-				close(sock); 
+				close(sock);
 				log_write(0, LOG_MAIN|LOG_PANIC,
 					"malware acl condition: drweb: connection to %s, port %u failed (%s)",
 					inet_ntoa(in), port, strerror(errno));
 				return DEFER;
 			}
-  
+
 			/* prepare variables */
 			drweb_cmd = htonl(DRWEBD_SCAN_CMD);
 			drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
-			snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml", 
+			snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml",
 				    spool_directory, message_id, message_id);
-  
+
 			/* calc file size */
 			drweb_fd = open(CS scanrequest, O_RDONLY);
 			if (drweb_fd == -1) {
 				close(sock);
 				log_write(0, LOG_MAIN|LOG_PANIC,
-					"malware acl condition: drweb: can't open spool file %s: %s", 
+					"malware acl condition: drweb: can't open spool file %s: %s",
 					scanrequest, strerror(errno));
-				return DEFER; 
+				return DEFER;
 			}
 			fsize = lseek(drweb_fd, 0, SEEK_END);
 			if (fsize == -1) {
 				close(sock);
 				close(drweb_fd);
 				log_write(0, LOG_MAIN|LOG_PANIC,
-					"malware acl condition: drweb: can't seek spool file %s: %s", 
+					"malware acl condition: drweb: can't seek spool file %s: %s",
 					scanrequest, strerror(errno));
-				return DEFER; 
+				return DEFER;
 			}
 			drweb_slen = htonl(fsize);
 			lseek(drweb_fd, 0, SEEK_SET);
-  
+
 			/* send scan request */
-			if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) || 
+			if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
 			    (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
 			    (send(sock, &drweb_fin, sizeof(drweb_fin), 0) < 0) ||
 			    (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0)) {
-				close(sock); 
+				close(sock);
 				close(drweb_fd);
 				log_write(0, LOG_MAIN|LOG_PANIC,
 					"malware acl condition: drweb: unable to send commands to socket (%s)", drweb_options);
 				return DEFER;
 			}
-  
+
 			drweb_fbuf = (uschar *) malloc (fsize);
 			if (!drweb_fbuf) {
 				close(sock);
 				close(drweb_fd);
 				log_write(0, LOG_MAIN|LOG_PANIC,
-					"malware acl condition: drweb: unable to allocate memory %u for file (%s)", 
+					"malware acl condition: drweb: unable to allocate memory %u for file (%s)",
 					fsize, scanrequest);
 				return DEFER;
 			}
-  
+
 			result = read (drweb_fd, drweb_fbuf, fsize);
 			if (result == -1) {
 				close(sock);
@@ -253,10 +253,10 @@ int malware(uschar **listptr) {
 				log_write(0, LOG_MAIN|LOG_PANIC,
 					"malware acl condition: drweb: can't read spool file %s: %s",
 					scanrequest, strerror(errno));
-				return DEFER; 
+				return DEFER;
 			}
 			close(drweb_fd);
-			
+
 			/* send file body to socket */
 			if (send(sock, drweb_fbuf, fsize, 0) < 0) {
 				close(sock);
@@ -273,7 +273,7 @@ int malware(uschar **listptr) {
 			if (sock < 0) {
 				log_write(0, LOG_MAIN|LOG_PANIC,
 					"malware acl condition: drweb: can't open UNIX socket");
-				return DEFER; 
+				return DEFER;
 			}
 			server.sun_family = AF_UNIX;
 			Ustrcpy(server.sun_path, drweb_options);
@@ -283,15 +283,15 @@ int malware(uschar **listptr) {
 					"malware acl condition: drweb: unable to connect to socket (%s). errno=%d", drweb_options, errno);
 				return DEFER;
 			}
-        
+
 			/* prepare variables */
 			drweb_cmd = htonl(DRWEBD_SCAN_CMD);
 			drweb_flags = htonl(DRWEBD_RETURN_VIRUSES | DRWEBD_IS_MAIL);
 			snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
 			drweb_slen = htonl(Ustrlen(scanrequest));
-  
+
 			/* send scan request */
-			if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) || 
+			if ((send(sock, &drweb_cmd, sizeof(drweb_cmd), 0) < 0) ||
 			    (send(sock, &drweb_flags, sizeof(drweb_flags), 0) < 0) ||
 			    (send(sock, &drweb_slen, sizeof(drweb_slen), 0) < 0) ||
 			    (send(sock, scanrequest, Ustrlen(scanrequest), 0) < 0) ||
@@ -302,7 +302,7 @@ int malware(uschar **listptr) {
 				return DEFER;
 			}
 		}
-  
+
 		/* wait for result */
 		if ((bread = recv(sock, &drweb_rc, sizeof(drweb_rc), 0) != sizeof(drweb_rc))) {
 			close(sock);
@@ -311,7 +311,7 @@ int malware(uschar **listptr) {
 			return DEFER;
 		}
 		drweb_rc = ntohl(drweb_rc);
-      
+
 		if ((bread = recv(sock, &drweb_vnum, sizeof(drweb_vnum), 0) != sizeof(drweb_vnum))) {
 			close(sock);
 			log_write(0, LOG_MAIN|LOG_PANIC,
@@ -319,18 +319,18 @@ int malware(uschar **listptr) {
 			return DEFER;
 		}
 		drweb_vnum = ntohl(drweb_vnum);
-		
+
 		/* "virus(es) found" if virus number is > 0 */
 		if (drweb_vnum)
 		{
 			int i;
 			uschar pre_malware_nb[256];
-			
+
 			malware_name = malware_name_buffer;
-			
+
 			/* setup default virus name */
 			Ustrcpy(malware_name_buffer,"unknown");
-			
+
 			/* read and concatenate virus names into one string */
 			for (i=0;i<drweb_vnum;i++)
 			{
@@ -342,7 +342,7 @@ int malware(uschar **listptr) {
 					return DEFER;
 				};
 				drweb_slen = ntohl(drweb_slen);
-			
+
 				/* read report body */
 				if ((bread = recv(sock, tmpbuf, drweb_slen, 0)) != drweb_slen) {
 					close(sock);
@@ -351,16 +351,16 @@ int malware(uschar **listptr) {
 					return DEFER;
 				};
 				tmpbuf[drweb_slen] = '\0';
-  
+
 				/* set up match regex, depends on retcode */
 				Ustrcpy(drweb_match_string, "infected\\swith\\s*(.+?)$");
-  
+
 				drweb_re = pcre_compile( CS drweb_match_string,
 					PCRE_COPT,
 					(const char **)&rerror,
 					&roffset,
 					NULL );
-              
+
 				/* try matcher on the line, grab substring */
 				result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, ovector, 30);
 				if (result >= 2) {
@@ -409,20 +409,20 @@ int malware(uschar **listptr) {
       uschar buf[32768];
       struct sockaddr_un server;
       int sock;
-    
+
       if ((kav_options = string_nextinlist(&av_scanner_work, &sep,
                                            kav_options_buffer,
                                            sizeof(kav_options_buffer))) == NULL) {
         /* no options supplied, use default options */
         kav_options = kav_options_default;
       };
-    
+
       /* open the aveserver socket */
       sock = socket(AF_UNIX, SOCK_STREAM, 0);
       if (sock < 0) {
         log_write(0, LOG_MAIN|LOG_PANIC,
              "malware acl condition: can't open UNIX socket.");
-        return DEFER; 
+        return DEFER;
       }
       server.sun_family = AF_UNIX;
       Ustrcpy(server.sun_path, kav_options);
@@ -432,7 +432,7 @@ int malware(uschar **listptr) {
              "malware acl condition: unable to connect to aveserver UNIX socket (%s). errno=%d", kav_options, errno);
         return DEFER;
       }
-    
+
       /* read aveserver's greeting and see if it is ready (2xx greeting) */
       recv_line(sock, buf, 32768);
 
@@ -443,10 +443,10 @@ int malware(uschar **listptr) {
              "malware acl condition: aveserver is unavailable (Responded: %s).", ((buf[0] != 0) ? buf : (uschar *)"nothing") );
         return DEFER;
       };
-      
+
       /* prepare our command */
       snprintf(CS buf, 32768, "SCAN bPQRSTUW %s/scan/%s/%s.eml\r\n", spool_directory, message_id, message_id);
-      
+
       /* and send it */
       if (send(sock, buf, Ustrlen(buf), 0) < 0) {
         close(sock);
@@ -454,7 +454,7 @@ int malware(uschar **listptr) {
              "malware acl condition: unable to write to aveserver UNIX socket (%s)", kav_options);
         return DEFER;
       }
-      
+
       malware_name = NULL;
       /* read response lines, find malware name and final response */
       while (recv_line(sock, buf, 32768) > 0) {
@@ -484,15 +484,15 @@ int malware(uschar **listptr) {
                                       US"CONFIGURE\tTIMEOUT\t0\n",
                                       US"CONFIGURE\tMAXARCH\t5\n",
                                       US"CONFIGURE\tMIME\t1\n" };
-      
+
       malware_name = NULL;
       if ((fsecure_options = string_nextinlist(&av_scanner_work, &sep,
                                                fsecure_options_buffer,
-                                               sizeof(fsecure_options_buffer))) == NULL) { 
+                                               sizeof(fsecure_options_buffer))) == NULL) {
          /* no options supplied, use default options */
          fsecure_options = fsecure_options_default;
       };
-     
+
       /* open the fsecure socket */
       sock = socket(AF_UNIX, SOCK_STREAM, 0);
       if (sock < 0) {
@@ -510,7 +510,7 @@ int malware(uschar **listptr) {
                   fsecure_options, strerror(errno));
         return DEFER;
       }
-       
+
       /* pass options */
       memset(av_buffer, 0, sizeof(av_buffer));
       for (i=0; i != 4; i++) {
@@ -520,9 +520,9 @@ int malware(uschar **listptr) {
           log_write(0, LOG_MAIN|LOG_PANIC,
                     "malware acl condition: unable to write fsecure option %d to %s (%s)",
                     i, fsecure_options, strerror(errno));
-          return DEFER; 
+          return DEFER;
         };
-       
+
         bread = read(sock, av_buffer, sizeof(av_buffer));
         if (bread >0) av_buffer[bread]='\0';
         if (bread < 0) {
@@ -535,7 +535,7 @@ int malware(uschar **listptr) {
         /* debug_printf("read answer %d read=%d \"%s\"\n", i, bread, av_buffer ); */
         /* while (Ustrstr(av_buffer, "OK\tServer configured.@") == NULL); */
       };
- 
+
       /* pass the mailfile to fsecure */
       snprintf(CS file_name,1024,"SCAN\t%s/scan/%s/%s.eml\n", spool_directory, message_id, message_id);
       /* debug_printf("send scan %s",file_name); */
@@ -546,11 +546,11 @@ int malware(uschar **listptr) {
                   fsecure_options, strerror(errno));
         return DEFER;
       };
-       
+
       /* set up match */
       /* todo also SUSPICION\t */
       fs_inf = pcre_compile("\\S{0,5}INFECTED\\t[^\\t]*\\t([^\\t]+)\\t\\S*$", PCRE_COPT, (const char **)&rerror, &roffset, NULL);
- 
+
       /* read report, linewise */
       do {
         int ovector[30];
@@ -569,7 +569,7 @@ int malware(uschar **listptr) {
         while ((i < sizeof(av_buffer)-1 ) && (av_buffer[i-1] != '\n'));
         av_buffer[i-1] = '\0';
         /* debug_printf("got line \"%s\"\n",av_buffer); */
-         
+
         /* Really search for virus again? */
         if (malware_name == NULL) {
           /* try matcher on the line, grab substring */
@@ -582,7 +582,7 @@ int malware(uschar **listptr) {
         };
       }
       while (Ustrstr(av_buffer, "OK\tScan ok.") == NULL);
-      close(sock);      
+      close(sock);
     }
     /* ----------------------------------------------------------------------- */
 
@@ -600,20 +600,20 @@ int malware(uschar **listptr) {
       int kav_rc;
       unsigned long kav_reportlen, bread;
       pcre *kav_re;
-    
+
       if ((kav_options = string_nextinlist(&av_scanner_work, &sep,
                                            kav_options_buffer,
                                            sizeof(kav_options_buffer))) == NULL) {
         /* no options supplied, use default options */
         kav_options = kav_options_default;
       };
-    
+
       /* open the kavdaemon socket */
       sock = socket(AF_UNIX, SOCK_STREAM, 0);
       if (sock < 0) {
         log_write(0, LOG_MAIN|LOG_PANIC,
              "malware acl condition: can't open UNIX socket.");
-        return DEFER; 
+        return DEFER;
       }
       server.sun_family = AF_UNIX;
       Ustrcpy(server.sun_path, kav_options);
@@ -623,12 +623,12 @@ int malware(uschar **listptr) {
              "malware acl condition: unable to connect to kavdaemon UNIX socket (%s). errno=%d", kav_options, errno);
         return DEFER;
       }
-      
+
       /* get current date and time, build scan request */
       time(&t);
       strftime(CS tmpbuf, sizeof(tmpbuf), "<0>%d %b %H:%M:%S:%%s/scan/%%s", localtime(&t));
       snprintf(CS scanrequest, 1024,CS tmpbuf, spool_directory, message_id);
-      
+
       /* send scan request */
       if (send(sock, scanrequest, Ustrlen(scanrequest)+1, 0) < 0) {
         close(sock);
@@ -636,7 +636,7 @@ int malware(uschar **listptr) {
              "malware acl condition: unable to write to kavdaemon UNIX socket (%s)", kav_options);
         return DEFER;
       }
-      
+
       /* wait for result */
       if ((bread = recv(sock, tmpbuf, 2, 0) != 2)) {
         close(sock);
@@ -644,7 +644,7 @@ int malware(uschar **listptr) {
              "malware acl condition: unable to read 2 bytes from kavdaemon socket.");
         return DEFER;
       }
-    
+
       /* get errorcode from one nibble */
       if (test_byte_order() == LITTLE_MY_ENDIAN) {
         kav_rc = tmpbuf[0] & 0x0F;
@@ -652,7 +652,7 @@ int malware(uschar **listptr) {
       else {
         kav_rc = tmpbuf[1] & 0x0F;
       };
-    
+
       /* improper kavdaemon configuration */
       if ( (kav_rc == 5) || (kav_rc == 6) ) {
         close(sock);
@@ -660,39 +660,39 @@ int malware(uschar **listptr) {
              "malware acl condition: please reconfigure kavdaemon to NOT disinfect or remove infected files.");
         return DEFER;
       };
-      
+
       if (kav_rc == 1) {
         close(sock);
         log_write(0, LOG_MAIN|LOG_PANIC,
              "malware acl condition: kavdaemon reported 'scanning not completed' (code 1).");
         return DEFER;
       };
-    
+
       if (kav_rc == 7) {
         close(sock);
         log_write(0, LOG_MAIN|LOG_PANIC,
              "malware acl condition: kavdaemon reported 'kavdaemon damaged' (code 7).");
         return DEFER;
       };
-    
+
       /* code 8 is not handled, since it is ambigous. It appears mostly on
       bounces where part of a file has been cut off */
-    
+
       /* "virus found" return codes (2-4) */
       if ((kav_rc > 1) && (kav_rc < 5)) {
         int report_flag = 0;
-        
+
         /* setup default virus name */
         Ustrcpy(malware_name_buffer,"unknown");
         malware_name = malware_name_buffer;
-      
+
         if (test_byte_order() == LITTLE_MY_ENDIAN) {
           report_flag = tmpbuf[1];
         }
         else {
           report_flag = tmpbuf[0];
         };
-      
+
         /* read the report, if available */
         if( report_flag == 1 ) {
           /* read report size */
@@ -702,7 +702,7 @@ int malware(uschar **listptr) {
                   "malware acl condition: cannot read report size from kavdaemon");
             return DEFER;
           };
-  
+
           /* it's possible that avp returns av_buffer[1] == 1 but the
           reportsize is 0 (!?) */
           if (kav_reportlen > 0) {
@@ -711,18 +711,18 @@ int malware(uschar **listptr) {
               Ustrcpy(kav_match_string, "suspicion:\\s*(.+?)\\s*$");
             else
               Ustrcpy(kav_match_string, "infected:\\s*(.+?)\\s*$");
-  
+
             kav_re = pcre_compile( CS kav_match_string,
                                    PCRE_COPT,
                                    (const char **)&rerror,
                                    &roffset,
                                    NULL );
-            
-            /* read report, linewise */  
+
+            /* read report, linewise */
             while (kav_reportlen > 0) {
               int result = 0;
               int ovector[30];
-              
+
               bread = 0;
               while ( recv(sock, &tmpbuf[bread], 1, 0) == 1 ) {
                 kav_reportlen--;
@@ -731,7 +731,7 @@ int malware(uschar **listptr) {
               };
               bread++;
               tmpbuf[bread] = '\0';
-              
+
               /* try matcher on the line, grab substring */
               result = pcre_exec(kav_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, ovector, 30);
               if (result >= 2) {
@@ -746,12 +746,12 @@ int malware(uschar **listptr) {
         /* no virus found */
         malware_name = NULL;
       };
-    
+
       close(sock);
     }
     /* ----------------------------------------------------------------------- */
-    
-    
+
+
     /* "cmdline" scanner type ------------------------------------------------ */
     else if (strcmpic(scanner_name,US"cmdline") == 0) {
       uschar *cmdline_scanner;
@@ -772,7 +772,7 @@ int malware(uschar **listptr) {
       int trigger = 0;
       int result;
       int ovector[30];
-      
+
       /* find scanner command line */
       if ((cmdline_scanner = string_nextinlist(&av_scanner_work, &sep,
                                           cmdline_scanner_buffer,
@@ -780,9 +780,9 @@ int malware(uschar **listptr) {
         /* no command line supplied */
         log_write(0, LOG_MAIN|LOG_PANIC,
              "malware acl condition: missing commandline specification for cmdline scanner type.");
-        return DEFER; 
+        return DEFER;
       };
-    
+
       /* find scanner output trigger */
       if ((cmdline_trigger = string_nextinlist(&av_scanner_work, &sep,
                                           cmdline_trigger_buffer,
@@ -790,9 +790,9 @@ int malware(uschar **listptr) {
         /* no trigger regex supplied */
         log_write(0, LOG_MAIN|LOG_PANIC,
              "malware acl condition: missing trigger specification for cmdline scanner type.");
-        return DEFER; 
+        return DEFER;
       };
-    
+
       /* precompile trigger regex */
       cmdline_trigger_re = pcre_compile(CS cmdline_trigger, PCRE_COPT, (const char **)&rerror, &roffset, NULL);
       if (cmdline_trigger_re == NULL) {
@@ -800,7 +800,7 @@ int malware(uschar **listptr) {
                  "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_trigger_re, rerror, roffset);
         return DEFER;
       };
-    
+
       /* find scanner name regex */
       if ((cmdline_regex = string_nextinlist(&av_scanner_work, &sep,
                                              cmdline_regex_buffer,
@@ -808,9 +808,9 @@ int malware(uschar **listptr) {
         /* no name regex supplied */
         log_write(0, LOG_MAIN|LOG_PANIC,
              "malware acl condition: missing virus name regex specification for cmdline scanner type.");
-        return DEFER; 
+        return DEFER;
       };
-    
+
       /* precompile name regex */
       cmdline_regex_re = pcre_compile(CS cmdline_regex, PCRE_COPT, (const char **)&rerror, &roffset, NULL);
       if (cmdline_regex_re == NULL) {
@@ -818,17 +818,17 @@ int malware(uschar **listptr) {
                  "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_regex_re, rerror, roffset);
         return DEFER;
       };
-    
+
       /* prepare scanner call */
       snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id);
       snprintf(CS commandline,1024, CS cmdline_scanner,file_name);
       /* redirect STDERR too */
       Ustrcat(commandline," 2>&1");
-      
+
       /* store exims signal handlers */
       eximsigchld = signal(SIGCHLD,SIG_DFL);
       eximsigpipe = signal(SIGPIPE,SIG_DFL);
-      
+
       scanner_out = popen(CS commandline,"r");
       if (scanner_out == NULL) {
         log_write(0, LOG_MAIN|LOG_PANIC,
@@ -837,10 +837,10 @@ int malware(uschar **listptr) {
         signal(SIGPIPE,eximsigpipe);
         return DEFER;
       };
-      
+
       snprintf(CS file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id);
       scanner_record = fopen(CS file_name,"w");
-      
+
       if (scanner_record == NULL) {
         log_write(0, LOG_MAIN|LOG_PANIC,
                  "malware acl condition: opening scanner output file (%s) failed: %s.", file_name, strerror(errno));
@@ -849,7 +849,7 @@ int malware(uschar **listptr) {
         signal(SIGPIPE,eximsigpipe);
         return DEFER;
       };
-      
+
       /* look for trigger while recording output */
       while(fgets(CS linebuffer,32767,scanner_out) != NULL) {
         if ( Ustrlen(linebuffer) > fwrite(linebuffer, 1, Ustrlen(linebuffer), scanner_record) ) {
@@ -865,17 +865,17 @@ int malware(uschar **listptr) {
         if (!trigger && regex_match_and_setup(cmdline_trigger_re, linebuffer, 0, -1))
           trigger = 1;
       };
-      
+
       fclose(scanner_record);
       pclose(scanner_out);
       signal(SIGCHLD,eximsigchld);
       signal(SIGPIPE,eximsigpipe);
-      
+
       if (trigger) {
         /* setup default virus name */
         Ustrcpy(malware_name_buffer,"unknown");
         malware_name = malware_name_buffer;
-        
+
         /* re-open the scanner output file, look for name match */
         scanner_record = fopen(CS file_name,"r");
         while(fgets(CS linebuffer,32767,scanner_record) != NULL) {
@@ -893,8 +893,8 @@ int malware(uschar **listptr) {
       };
     }
     /* ----------------------------------------------------------------------- */
-    
-    
+
+
     /* "sophie" scanner type ------------------------------------------------- */
     else if (strcmpic(scanner_name,US"sophie") == 0) {
       uschar *sophie_options;
@@ -905,20 +905,20 @@ int malware(uschar **listptr) {
       int sock;
       uschar file_name[1024];
       uschar av_buffer[1024];
-      
+
       if ((sophie_options = string_nextinlist(&av_scanner_work, &sep,
                                           sophie_options_buffer,
                                           sizeof(sophie_options_buffer))) == NULL) {
         /* no options supplied, use default options */
         sophie_options = sophie_options_default;
       };
-    
+
       /* open the sophie socket */
       sock = socket(AF_UNIX, SOCK_STREAM, 0);
       if (sock < 0) {
         log_write(0, LOG_MAIN|LOG_PANIC,
              "malware acl condition: can't open UNIX socket.");
-        return DEFER; 
+        return DEFER;
       }
       server.sun_family = AF_UNIX;
       Ustrcpy(server.sun_path, sophie_options);
@@ -928,18 +928,18 @@ int malware(uschar **listptr) {
              "malware acl condition: unable to connect to sophie UNIX socket (%s). errno=%d", sophie_options, errno);
         return DEFER;
       }
-      
+
       /* pass the scan directory to sophie */
       snprintf(CS file_name,1024,"%s/scan/%s", spool_directory, message_id);
       if (write(sock, file_name, Ustrlen(file_name)) < 0) {
         close(sock);
         log_write(0, LOG_MAIN|LOG_PANIC,
              "malware acl condition: unable to write to sophie UNIX socket (%s)", sophie_options);
-        return DEFER; 
+        return DEFER;
       };
-      
+
       write(sock, "\n", 1);
-      
+
       /* wait for result */
       memset(av_buffer, 0, sizeof(av_buffer));
       if ((!(bread = read(sock, av_buffer, sizeof(av_buffer))) > 0)) {
@@ -948,9 +948,9 @@ int malware(uschar **listptr) {
              "malware acl condition: unable to read from sophie UNIX socket (%s)", sophie_options);
         return DEFER;
       };
-    
+
       close(sock);
-    
+
       /* infected ? */
       if (av_buffer[0] == '1') {
         if (Ustrchr(av_buffer, '\n')) *Ustrchr(av_buffer, '\n') = '\0';
@@ -968,7 +968,7 @@ int malware(uschar **listptr) {
       };
     }
     /* ----------------------------------------------------------------------- */
-    
+
 
     /* "clamd" scanner type ------------------------------------------------- */
     /* This code was contributed by David Saez */
@@ -979,7 +979,7 @@ int malware(uschar **listptr) {
       uschar *p,*vname;
       struct sockaddr_un server;
       int sock,bread=0;
-      unsigned int port; 
+      unsigned int port;
       uschar file_name[1024];
       uschar av_buffer[1024];
       uschar hostname[256];
@@ -1005,26 +1005,26 @@ int malware(uschar **listptr) {
                                              sizeof(clamd_options2_buffer))) == NULL) {
         clamd_options2 = clamd_options2_default;
       }
-    
+
       /* socket does not start with '/' -> network socket */
       if (*clamd_options != '/') {
-    
+
         /* extract host and port part */
         if( sscanf(CS clamd_options, "%s %u", hostname, &port) != 2 ) {
           log_write(0, LOG_MAIN|LOG_PANIC,
                     "malware acl condition: clamd: invalid socket '%s'", clamd_options);
           return DEFER;
         };
-    
+
         /* Lookup the host */
         if((he = gethostbyname(CS hostname)) == 0) {
           log_write(0, LOG_MAIN|LOG_PANIC,
                     "malware acl condition: clamd: failed to lookup host '%s'", hostname);
           return DEFER;
         }
-    
+
         in = *(struct in_addr *) he->h_addr_list[0];
-    
+
         /* Open the ClamAV Socket */
         if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
           log_write(0, LOG_MAIN|LOG_PANIC,
@@ -1032,9 +1032,9 @@ int malware(uschar **listptr) {
                     strerror(errno));
           return DEFER;
         }
-    
+
         if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
-          close(sock); 
+          close(sock);
           log_write(0, LOG_MAIN|LOG_PANIC,
                     "malware acl condition: clamd: connection to %s, port %u failed (%s)",
                     inet_ntoa(in), port, strerror(errno));
@@ -1044,9 +1044,9 @@ int malware(uschar **listptr) {
         if (strcmpic(clamd_options2,US"local") == 0) {
 
       /* Pass the string to ClamAV (7 = "SCAN \n" + \0) */
-    
+
           snprintf(CS file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
-    
+
           if (send(sock, file_name, Ustrlen(file_name), 0) < 0) {
             close(sock);
             log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)",
@@ -1072,33 +1072,33 @@ int malware(uschar **listptr) {
                   strerror(errno));
             return DEFER;
           }
-    
+
           if (bread == sizeof(av_buffer)) {
             log_write(0, LOG_MAIN|LOG_PANIC,
                   "malware acl condition: clamd: buffer too small");
             return DEFER;
           }
-    
+
           if (!(*av_buffer2)) {
             log_write(0, LOG_MAIN|LOG_PANIC,
                   "malware acl condition: clamd: ClamAV returned null");
             return DEFER;
           }
-    
+
           av_buffer2[bread] = '\0';
           if( sscanf(CS av_buffer2, "PORT %u\n", &port) != 1 ) {
             log_write(0, LOG_MAIN|LOG_PANIC,
                     "malware acl condition: clamd: Expected port information from clamd, got '%s'", av_buffer2);
             return DEFER;
           };
-    
+
           if ( (sockData = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
             log_write(0, LOG_MAIN|LOG_PANIC,
                     "malware acl condition: clamd: unable to acquire socket (%s)",
                     strerror(errno));
             return DEFER;
           }
-    
+
           if (ip_connect(sockData, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
             close(sockData);
             log_write(0, LOG_MAIN|LOG_PANIC,
@@ -1109,34 +1109,34 @@ int malware(uschar **listptr) {
 
 	  snprintf(CS scanrequest, 1024,CS"%s/scan/%s/%s.eml",
 	    spool_directory, message_id, message_id);
-  
+
 	  /* calc file size */
 	  clam_fd = open(CS scanrequest, O_RDONLY);
 	  if (clam_fd == -1) {
 	    log_write(0, LOG_MAIN|LOG_PANIC,
-		    "malware acl condition: clamd: can't open spool file %s: %s", 
+		    "malware acl condition: clamd: can't open spool file %s: %s",
 		    scanrequest, strerror(errno));
-	    return DEFER; 
+	    return DEFER;
 	  }
 	  fsize = lseek(clam_fd, 0, SEEK_END);
 	  if (fsize == -1) {
 	    log_write(0, LOG_MAIN|LOG_PANIC,
-		    "malware acl condition: clamd: can't seek spool file %s: %s", 
+		    "malware acl condition: clamd: can't seek spool file %s: %s",
 		    scanrequest, strerror(errno));
-	    return DEFER; 
+	    return DEFER;
 	  }
 	  lseek(clam_fd, 0, SEEK_SET);
-  
+
 	  clamav_fbuf = (uschar *) malloc (fsize);
 	  if (!clamav_fbuf) {
 	    close(sockData);
 	    close(clam_fd);
 	    log_write(0, LOG_MAIN|LOG_PANIC,
-		    "malware acl condition: clamd: unable to allocate memory %u for file (%s)", 
+		    "malware acl condition: clamd: unable to allocate memory %u for file (%s)",
 		    fsize, scanrequest);
 	    return DEFER;
 	  }
-  
+
 	  result = read (clam_fd, clamav_fbuf, fsize);
 	  if (result == -1) {
 	    close(sockData);
@@ -1145,7 +1145,7 @@ int malware(uschar **listptr) {
 	    log_write(0, LOG_MAIN|LOG_PANIC,
 		    "malware acl condition: clamd: can't read spool file %s: %s",
 		    scanrequest, strerror(errno));
-	    return DEFER; 
+	    return DEFER;
 	  }
 	  close(clam_fd);
 
@@ -1169,10 +1169,10 @@ int malware(uschar **listptr) {
                     strerror(errno));
           return DEFER;
         }
-    
+
         server.sun_family = AF_UNIX;
         Ustrcpy(server.sun_path, clamd_options);
-    
+
         if (connect(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
           close(sock);
           log_write(0, LOG_MAIN|LOG_PANIC,
@@ -1181,27 +1181,27 @@ int malware(uschar **listptr) {
           return DEFER;
         }
       }
-    
+
       /* Pass the string to ClamAV (7 = "SCAN \n" + \0) */
-    
+
       snprintf(CS file_name,1024,"SCAN %s/scan/%s\n", spool_directory, message_id);
-    
+
       if (send(sock, file_name, Ustrlen(file_name), 0) < 0) {
         close(sock);
         log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd: unable to write to socket (%s)",
                   strerror(errno));
         return DEFER;
       }
-    
-      /* 
+
+      /*
         We're done sending, close socket for writing.
-        
+
         One user reported that clamd 0.70 does not like this any more ...
-        
+
       */
-      
+
       /* shutdown(sock, SHUT_WR); */
-    
+
       /* Read the result */
       memset(av_buffer, 0, sizeof(av_buffer));
       bread = read(sock, av_buffer, sizeof(av_buffer));
@@ -1213,32 +1213,32 @@ int malware(uschar **listptr) {
                   strerror(errno));
         return DEFER;
       }
-    
+
       if (bread == sizeof(av_buffer)) {
         log_write(0, LOG_MAIN|LOG_PANIC,
                   "malware acl condition: clamd: buffer too small");
         return DEFER;
       }
-    
+
       /* Check the result. ClamAV Returns
          infected: -> "<filename>: <virusname> FOUND"
          not-infected: -> "<filename>: OK"
 		error: -> "<filename>: <errcode> ERROR */
-         
+
       if (!(*av_buffer)) {
         log_write(0, LOG_MAIN|LOG_PANIC,
                   "malware acl condition: clamd: ClamAV returned null");
         return DEFER;
       }
-    
+
       /* colon in returned output? */
       if((p = Ustrrchr(av_buffer,':')) == NULL) {
         log_write(0, LOG_MAIN|LOG_PANIC,
                   "malware acl condition: clamd: ClamAV returned malformed result: %s",
-                  av_buffer);  
+                  av_buffer);
         return DEFER;
       }
-    
+
       /* strip filename strip CR at the end */
       ++p;
       while (*p == ' ') ++p;
@@ -1271,8 +1271,8 @@ int malware(uschar **listptr) {
       }
     }
     /* ----------------------------------------------------------------------- */
-    
-    
+
+
     /* "mksd" scanner type --------------------------------------------------- */
     else if (strcmpic(scanner_name,US"mksd") == 0) {
       uschar *mksd_options;
@@ -1282,7 +1282,7 @@ int malware(uschar **listptr) {
       struct sockaddr_un server;
       int sock;
       int retval;
-      
+
       if ((mksd_options = string_nextinlist(&av_scanner_work, &sep,
                                             mksd_options_buffer,
                                             sizeof(mksd_options_buffer))) != NULL) {
@@ -1294,13 +1294,13 @@ int malware(uschar **listptr) {
           return DEFER;
         }
       }
-      
+
       /* open the mksd socket */
       sock = socket(AF_UNIX, SOCK_STREAM, 0);
       if (sock < 0) {
         log_write(0, LOG_MAIN|LOG_PANIC,
              "malware acl condition: can't open UNIX socket.");
-        return DEFER; 
+        return DEFER;
       }
       server.sun_family = AF_UNIX;
       Ustrcpy(server.sun_path, "/var/run/mksd/socket");
@@ -1310,11 +1310,11 @@ int malware(uschar **listptr) {
              "malware acl condition: unable to connect to mksd UNIX socket (/var/run/mksd/socket). errno=%d", errno);
         return DEFER;
       }
-      
+
       malware_name = NULL;
-      
+
       retval = mksd_scan_packed(sock);
-      
+
       if (retval != OK)
         return retval;
     }
@@ -1327,7 +1327,7 @@ int malware(uschar **listptr) {
       return DEFER;
     };
     /* ----------------------------------------------------------------------- */
-  
+
     /* set "been here, done that" marker */
     malware_ok = 1;
   };
@@ -1367,7 +1367,7 @@ int recv_line(int sock, uschar *buffer, int size) {
 int mksd_writev (int sock, struct iovec *iov, int iovcnt)
 {
   int i;
-  
+
   for (;;) {
     do
       i = writev (sock, iov, iovcnt);
@@ -1378,7 +1378,7 @@ int mksd_writev (int sock, struct iovec *iov, int iovcnt)
                 "malware acl condition: unable to write to mksd UNIX socket (/var/run/mksd/socket)");
       return -1;
     }
-    
+
     for (;;)
       if (i >= iov->iov_len) {
         if (--iovcnt == 0)
@@ -1397,7 +1397,7 @@ int mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size)
 {
   int offset = 0;
   int i;
-  
+
   do {
     if ((i = recv (sock, av_buffer+offset, av_buffer_size-offset, 0)) <= 0) {
       close (sock);
@@ -1405,7 +1405,7 @@ int mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size)
                 "malware acl condition: unable to read from mksd UNIX socket (/var/run/mksd/socket)");
       return -1;
     }
-    
+
     offset += i;
     /* offset == av_buffer_size -> buffer full */
     if (offset == av_buffer_size) {
@@ -1415,7 +1415,7 @@ int mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size)
       return -1;
     }
   } while (av_buffer[offset-1] != '\n');
-  
+
   av_buffer[offset] = '\0';
   return offset;
 }
@@ -1423,7 +1423,7 @@ int mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size)
 int mksd_parse_line (char *line)
 {
   char *p;
-  
+
   switch (*line) {
     case 'O':
       /* OK */
@@ -1459,7 +1459,7 @@ int mksd_scan_packed (int sock)
   struct iovec iov[7];
   char *cmd = "MSQ/scan/.eml\n";
   uschar av_buffer[1024];
-  
+
   iov[0].iov_base = cmd;
   iov[0].iov_len = 3;
   iov[1].iov_base = CS spool_directory;
@@ -1472,15 +1472,15 @@ int mksd_scan_packed (int sock)
   iov[4].iov_len = 1;
   iov[6].iov_base = cmd + 9;
   iov[6].iov_len = 5;
-  
+
   if (mksd_writev (sock, iov, 7) < 0)
     return DEFER;
-  
+
   if (mksd_read_lines (sock, av_buffer, sizeof (av_buffer)) < 0)
     return DEFER;
-  
+
   close (sock);
-  
+
   return mksd_parse_line (CS av_buffer);
 }